$type = false;
$authid = false;
- if ( array_key_exists('username', $_GET)
- && array_key_exists('password', $_GET) )
+ if ( array_key_exists('username', $_POST)
+ && array_key_exists('password', $_POST) )
{
- if ( 1 == authuser_verify( sql_clean($_GET['username']), sql_clean($_GET['password'])))
+ if ( 1 == authuser_verify( sql_clean($_POST['username']), sql_clean($_POST['password'])))
{
$type = "user";
- $authid = $_GET['username'];
+ $authid = $_POST['username'];
}
else
{
exit;
}
}
- else if ( array_key_exists('api_key', $_GET) )
+ else if ( array_key_exists('api_key', $_POST) )
{
- if ( verify_apikey( sql_clean( $_GET['api_key'] ) ) == 1 )
+ if ( verify_apikey( sql_clean( $_POST['api_key'] ) ) == 1 )
{
$type = "key";
- $authid = $_GET['api_key'];
+ $authid = $_POST['api_key'];
}
else
{
// De-authenticate/deauthorize the ongoing session.
// I.e. destroy session data, remove session cookies.
$session_name = "";
- if ( array_key_exists('session', $_GET ) )
- $session_name = $_GET['session'];
+ if ( array_key_exists('session', $_POST ) )
+ $session_name = $_POST['session'];
session_name($session_name);
session_start();
clear_credentials($session_name);
// The ping required a valid session...
// A successful ping returns a 'response' => 'pong'
// along with the new auth_key.
- $session_name = $_GET['session'];
+ $session_name = $_POST['session'];
$authid = $_SESSION['authid'];
$auth_key = update_authkey( $session_name, $authid );
print json_encode( array( 'response' => 'pong', 'auth_key' => $auth_key ));
if ( ! can_write() )
simple_authfail();
- if ( array_key_exists('host_ip', $_GET )
- && array_key_exists('access', $_GET ))
+ if ( array_key_exists('host_ip', $_POST )
+ && array_key_exists('access', $_POST ))
{
- $host = $_GET['host_ip'];
- $access = $_GET['access'];
+ $host = $_POST['host_ip'];
+ $access = $_POST['access'];
if (! preg_match("/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/", $host) || ! authlevel_value( $access ) )
{
if ( ! can_write() )
simple_authfail();
- if ( array_key_exists('api_key', $_GET ) )
+ if ( array_key_exists('api_key', $_POST ) )
{
- $key = sql_clean( $_GET['api_key'] );
+ $key = sql_clean( $_POST['api_key'] );
// Perform a key-verification, skipping host/remote-address check.
if ( ! verify_apikey( $key, true ) )
{
if ( ! can_write() )
simple_authfail();
- if ( array_key_exists('username', $_GET )
- && array_key_exists('access', $_GET ))
+ if ( array_key_exists('username', $_POST )
+ && array_key_exists('access', $_POST ))
{
- $user = $_GET['username'];
- $access = $_GET['access'];
+ $user = $_POST['username'];
+ $access = $_POST['access'];
$level = authlevel_value( $access );
if ( ! $level )
if ( ! can_write() )
simple_authfail();
- if ( array_key_exists('username', $_GET ))
+ if ( array_key_exists('username', $_POST ))
{
- $user = $_GET['username'];
+ $user = $_POST['username'];
$t_level = get_authorization( "user", $user );
git.defcon.no / hermes / blobdiff